FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-2654

This CVE name corresponds to:

Entered Topic
2006-06-09 smbfs -- chroot escape

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-2654
Phase Assigned(20060530)

Description

Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier.

References

Source Reference
FREEBSD FreeBSD-SA-06:16
BID 18202
OSVDB 25851
SECTRACK 1016194
SECUNIA 20390
XF freebsd-smbfs-directory-traversal(26860)